Category Archives: Uncategorized

When did federation become a blame game?

I have noticed a disturbing trend recently. A lot of vendors seem to have taken the position that as soon as their help desk finds out that there is federation with another vendor involved, they immediately toss it over the wall.

I have seen my company (Optimal IdM) have to spend a lot of time and resources helping customers when vendor that really needs to solve the problem won’t do even the basic trouble shooting as soon a federation is involved.

So here is the question, is this because not enough support folks understand federation, or is that they do but want to reduce their work queue and see a convenient scapegoat?


2011 in review

The stats helper monkeys prepared a 2011 annual report for this blog.


Here’s an excerpt:

A New York City subway train holds 1,200 people. This blog was viewed about 7,600 times in 2011. If it were a NYC subway train, it would take about 6 trips to carry that many people.

Click here to see the complete report.

The new chapter in which I return to identity management.

The latest chapter of my career finds me back in the identity management business. I have joined OptimalIdM, a company founded by some great folks I worked with at OpenNetwork.

OptimalIdM’s main focus is their virtual directory product, VIS, but we also have federation products and other IdM plays.

The worlds first surveillance mascot

The London Olympics games have unveiled the mascots for the 2012 games. All I can say is WOW. And I don’t mean that in a good way. I mean that in the creepy, ugly, panopticony way.

I suppose it only appropriate that a country whose surveillance network causes the Chinese government to say “whoa, too much” should create an Olympic mascot that resembles a strange hybrid of the All Seeing Eye of Sauron and a Teletubby.

Ghost in the machine?

When the Toyota Sudden Acceleration Syndrome circus was in full swing I had a strong sense of déjà vu. We have been here before. What’s ridiculous is that the obvious answer is staring us in the face and we don’t want to accept it.

All modern cars have brakes that have far more stopping power than their engines can deliver. If you jam both the accelerator and the brake your car will stop (although I don’t recommend actually doing it).

So there are really two explanations here:

1) Some mysterious fault causes the brakes to fail while the accelerator suddenly engages. This fault is both unreproducible under lab conditions and undetectable after the incident.

2) The drivers are stepping on the wrong pedal.

Why is this important to you? The government is talking about require “smart brakes” on all new cars that would cut off the accelerator when depressed.  Some cars apparently already have this feature.

But this won’t do anything to help the driver that is simply pressing the wrong pedal. If required for all cars, it will raise the price of your next car for a feature that you don’t really need.

Identity Apocalypse Now

Jonathan Sander of Quest has this to say about the coming identity apocalypse. Interesting stuff.

This got me thinking to a fascinating aspect of identity management in the ASP (and SaaS) space, and that it the delegated nature of identity. For example my current employer CareMedic (now part of Ingenix) offers hosted services where authorization decisions are made based on the identity of the user. Since these are medical revenue cycle applications, the authorization decisions are covered by various regulations such as HIPPA.

But here is the interesting part. We don’t really need verify that the identity we know is actually a specific person. We trust our customers (the health care service providers) to validate that the identities they provide us are properly vetted and they determine the roles that those identities fulfill.

And this is the fundamental trust issue pertaining to the identity providers that Jonathan Sander discusses. The entity with the financial stake must validate the real person behind the identity.

Beware of greeks bearing gifts

Beware of greeks bearing gifts, or schools issuing laptops. Of course this situation could be addressed by a simple application of electrical tape.

You have to wonder exactly what the school was thinking would happen. How do you not get sued when you do something so monumentally dumb?